Move Single Own Namespace support back to alpha (#2568)

Signed-off-by: Todd Short <tshort@redhat.com>

Author: tmshort

api/v1/clusterextension_types.go

@@ -105,6 +105,7 @@ type ClusterExtensionSpec struct {
 	// a configuration schema the bundle is deemed to not be configurable. More information on how
 	// to configure bundles can be found in the OLM documentation associated with your current OLM version.
 	//
+	// <opcon:experimental>
 	// +optional
 	Config *ClusterExtensionConfig `json:"config,omitempty"`
 

applyconfigurations/api/v1/clusterextensionspec.go

@@ -343,7 +343,7 @@ _Appears in:_
 | `serviceAccount` _[ServiceAccountReference](#serviceaccountreference)_ | serviceAccount specifies a ServiceAccount used to perform all interactions with the cluster<br />that are required to manage the extension.<br />The ServiceAccount must be configured with the necessary permissions to perform these interactions.<br />The ServiceAccount must exist in the namespace referenced in the spec.<br />The serviceAccount field is required. |  | Required: \{\} <br /> |
 | `source` _[SourceConfig](#sourceconfig)_ | source is required and selects the installation source of content for this ClusterExtension.<br />Set the sourceType field to perform the selection.<br />Catalog is currently the only implemented sourceType.<br />Setting sourceType to "Catalog" requires the catalog field to also be defined.<br />Below is a minimal example of a source definition (in yaml):<br />source:<br />  sourceType: Catalog<br />  catalog:<br />    packageName: example-package |  | Required: \{\} <br /> |
 | `install` _[ClusterExtensionInstallConfig](#clusterextensioninstallconfig)_ | install is optional and configures installation options for the ClusterExtension,<br />such as the pre-flight check configuration. |  | Optional: \{\} <br /> |
-| `config` _[ClusterExtensionConfig](#clusterextensionconfig)_ | config is optional and specifies bundle-specific configuration.<br />Configuration is bundle-specific and a bundle may provide a configuration schema.<br />When not specified, the default configuration of the resolved bundle is used.<br />config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide<br />a configuration schema the bundle is deemed to not be configurable. More information on how<br />to configure bundles can be found in the OLM documentation associated with your current OLM version. |  | Optional: \{\} <br /> |
+| `config` _[ClusterExtensionConfig](#clusterextensionconfig)_ | config is optional and specifies bundle-specific configuration.<br />Configuration is bundle-specific and a bundle may provide a configuration schema.<br />When not specified, the default configuration of the resolved bundle is used.<br />config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide<br />a configuration schema the bundle is deemed to not be configurable. More information on how<br />to configure bundles can be found in the OLM documentation associated with your current OLM version.<br /><opcon:experimental> |  | Optional: \{\} <br /> |
 | `progressDeadlineMinutes` _integer_ | progressDeadlineMinutes is an optional field that defines the maximum period<br />of time in minutes after which an installation should be considered failed and<br />require manual intervention. This functionality is disabled when no value<br />is provided. The minimum period is 10 minutes, and the maximum is 720 minutes (12 hours).<br /><opcon:experimental> |  | Maximum: 720 <br />Minimum: 10 <br />Optional: \{\} <br /> |
 
 

docs/api-reference/olmv1-api-reference.md

@@ -1,7 +1,8 @@
 ## Description
 
 !!! note
-The `SingleOwnNamespaceInstallSupport` feature-gate is enabled by default. Use this guide to configure bundles that need Single or Own namespace install modes.
+This feature is still in *alpha* the `SingleOwnNamespaceInstallSupport` feature-gate must be enabled to make use of it.
+See the instructions below on how to enable it.
 
 ---
 
@@ -30,6 +31,28 @@ include *installModes*.
 
 [![OwnNamespace Install Demo](https://asciinema.org/a/Rxx6WUwAU016bXFDW74XLcM5i.svg)](https://asciinema.org/a/Rxx6WUwAU016bXFDW74XLcM5i)
 
+## Enabling the Feature-Gate
+
+!!! tip
+
+This guide assumes OLMv1 is already installed. If that is not the case,
+you can follow the [getting started](../../getting-started/olmv1_getting_started.md) guide to install OLMv1.
+
+---
+
+Patch the `operator-controller` `Deployment` adding `--feature-gates=SingleOwnNamespaceInstallSupport=true` to the
+controller container arguments:
+
+```terminal title="Enable SingleOwnNamespaceInstallSupport feature-gate"
+kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]'
+```
+
+Wait for `Deployment` rollout:
+
+```terminal title="Wait for Deployment rollout"
+kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
+```
+
 ## Configuring the `ClusterExtension`
 
 A `ClusterExtension` can be configured to install bundle in `Single-` or `OwnNamespace` mode through the

docs/draft/howto/single-ownnamespace-install.md

@@ -91,6 +91,9 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to
         ...
         ```
 
+    !!! important
+        OLM 1.0 supports installing extensions that define webhooks. Targeting a single or specified set of namespaces requires enabling the `SingleOwnNamespaceInstallSupport` feature-gate.
+
 3. Return list of packages which support `AllNamespaces` install mode, do not use webhooks, and where the channel head version uses `olm.csv.metadata` format:
 
     ``` terminal

docs/draft/tutorials/explore-available-content-metas-endpoint.md

@@ -91,6 +91,9 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to
         ...
         ```
 
+    !!! important
+        OLM 1.0 supports installing extensions that define webhooks. Targeting a single or specified set of namespaces requires enabling the `SingleOwnNamespaceInstallSupport` feature-gate.
+
 3. Return list of packages that support `AllNamespaces` install mode and do not use webhooks:
 
     ``` terminal

docs/tutorials/explore-available-content.md

@@ -6,14 +6,16 @@
 set -e
 trap 'echo "Demo ran into error"; trap - SIGTERM && kill -- -$$; exit 1' ERR SIGINT SIGTERM EXIT
 
-# install standard CRDs
-echo "Install standard CRDs..."
-kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/standard.yaml"
+# install experimental CRDs with config field support
+kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/experimental.yaml"
 
-# wait for standard CRDs to be available
+# wait for experimental CRDs to be available
 kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io
 
-# Ensure controller is healthy
+# enable 'SingleOwnNamespaceInstallSupport' feature gate
+kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]'
+
+# wait for operator-controller to become available
 kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
 
 # create install namespace
@@ -55,6 +57,17 @@ kubectl delete clusterextension argocd-operator --ignore-not-found=true
 kubectl delete namespace argocd-system --ignore-not-found=true
 kubectl delete clusterrolebinding argocd-installer-crb --ignore-not-found=true
 
+# remove feature gate from deployment
+echo "Removing feature gate from operator-controller..."
+kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/args", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' || true
+
+# restore standard CRDs
+echo "Restoring standard CRDs..."
+kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/base.yaml"
+
+# wait for standard CRDs to be available
+kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io
+
 # wait for operator-controller to become available with standard config
 kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
 

hack/demo/own-namespace-demo-script.sh

@@ -6,14 +6,16 @@
 set -e
 trap 'echo "Demo ran into error"; trap - SIGTERM && kill -- -$$; exit 1' ERR SIGINT SIGTERM EXIT
 
-# install standard CRDs
-echo "Install standard CRDs..."
-kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/standard.yaml"
+# install experimental CRDs with config field support
+kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/experimental.yaml"
 
-# wait for standard CRDs to be available
+# wait for experimental CRDs to be available
 kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io
 
-# Ensure controller is healthy
+# enable 'SingleOwnNamespaceInstallSupport' feature gate
+kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]'
+
+# wait for operator-controller to become available
 kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
 
 # create install namespace
@@ -58,6 +60,17 @@ kubectl delete clusterextension argocd-operator --ignore-not-found=true
 kubectl delete namespace argocd-system argocd --ignore-not-found=true
 kubectl delete clusterrolebinding argocd-installer-crb --ignore-not-found=true
 
+# remove feature gate from deployment
+echo "Removing feature gate from operator-controller..."
+kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/args", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' || true
+
+# restore standard CRDs
+echo "Restoring standard CRDs..."
+kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/base.yaml"
+
+# wait for standard CRDs to be available
+kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io
+
 # wait for operator-controller to become available with standard config
 kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
 

hack/demo/single-namespace-demo-script.sh

@@ -9,6 +9,7 @@ options:
   operatorController:
     features:
       enabled:
+        - SingleOwnNamespaceInstallSupport
         - PreflightPermissions
         - HelmChartSupport
         - BoxcutterRuntime

helm/experimental.yaml

@@ -57,44 +57,6 @@ spec:
             description: spec is an optional field that defines the desired state
               of the ClusterExtension.
             properties:
-              config:
-                description: |-
-                  config is optional and specifies bundle-specific configuration.
-                  Configuration is bundle-specific and a bundle may provide a configuration schema.
-                  When not specified, the default configuration of the resolved bundle is used.
-
-                  config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide
-                  a configuration schema the bundle is deemed to not be configurable. More information on how
-                  to configure bundles can be found in the OLM documentation associated with your current OLM version.
-                properties:
-                  configType:
-                    description: |-
-                      configType is required and specifies the type of configuration source.
-
-                      The only allowed value is "Inline".
-
-                      When set to "Inline", the cluster extension configuration is defined inline within the ClusterExtension resource.
-                    enum:
-                    - Inline
-                    type: string
-                  inline:
-                    description: |-
-                      inline contains JSON or YAML values specified directly in the ClusterExtension.
-
-                      It is used to specify arbitrary configuration values for the ClusterExtension.
-                      It must be set if configType is 'Inline' and must be a valid JSON/YAML object containing at least one property.
-                      The configuration values are validated at runtime against a JSON schema provided by the bundle.
-                    minProperties: 1
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                required:
-                - configType
-                type: object
-                x-kubernetes-validations:
-                - message: inline is required when configType is Inline, and forbidden
-                    otherwise
-                  rule: 'has(self.configType) && self.configType == ''Inline'' ?has(self.inline)
-                    : !has(self.inline)'
               install:
                 description: |-
                   install is optional and configures installation options for the ClusterExtension,